Zsh Mailing List Archive

Re: [BUG] Zsh crashes when using autocomplete because of memory unsafety (double free)



On Sun, Jun 28, 2020 at 8:48 PM Bart Schaefer <schaefer@xxxxxxxxxxxxxxxx> wrote:
>
> So the patch is sort of on the right track, but still not the whole
> story.  Turning this back over to others, I probably won't have a
> chance to look at it again for a few days.

Spent a little while on this today.

This seems to be related to get_comp_string() and the way completion
really wants to remove quotation marks.  E.g.:

% alias a='echo z'<TAB>
% alias a=echo\ zsh

When doing complete-in-word after an open-quote AND there are other
characters on the line that have to be backslash-escaped in order to
remove the quotes, the process of updating the line becomes confused.
For example, starting from:

% alias a="echo foo bar

Complete-in-word after "echo" crashes, and after "foo" produces the
"expect x at offset" debugging message.

It does seem to require the collusion of "compset -q" to actually
crash it.  The recalculation of where words begin and end leads to
mis-indexing.

Again this is as far as I've gotten.  If anyone else wants to have a
go, by all means.


